<?php
session_start();

$_SESSION['server'] = "localhost";
$_SESSION['user'] = "root";
$_SESSION['pass'] = "";
$_SESSION['dbname'] = "bazar";

function getConnection(){

	if (!$_SESSION['conexiune'])
	{
		$_SESSION['conexiune'] = mysql_connect('localhost','root','');
		if (!$_SESSION['conexiune']) {
		    die('Could not connect: ' . mysql_error());
		}
		mysql_select_db($_SESSION['dbname'],$_SESSION['conexiune']) or die (mysql_error());
		
	}
	
	return $_SESSION['conexiune'];
}

function login ($u, $p)
{
	$query = "select * from user where username ='".escInjection($u)."'";
	$results = mysql_query($query,getConnection()) or die (mysql_error());
	if(mysql_num_rows($results) != 1)
	{
		return false;
	}
	
	while ($row = mysql_fetch_assoc($results)) 
	{
		if($row['password'] != $p)
		{
			$_SESSION['error'] = "Login failed.";
			return false;
		}
	
	    $_SESSION["firstname"] = $row['firstname'];
	    $_SESSION["lastname"] = $row['lastname'];
	    $_SESSION["username"] = $row['username'];
	    $_SESSION["password"] = $row['password'];
	    $_SESSION["email"] = $row['email'];
	}
	
	return true;
}

function escInjection ($clean)
{
	$clean=mysql_real_escape_string(trim($clean),getConnection());
	return $clean;
}
?>
